Skip to content

Switch to go 1.25 os.Root #1410

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 12, 2025
Merged

Switch to go 1.25 os.Root #1410

merged 1 commit into from
Nov 12, 2025

Conversation

@elezar
Copy link
Member

@elezar elezar commented Nov 3, 2025
edited
Loading

This change switches to using standard library functions for creating files in specified root folders. This removes the direct dependency on github.com/cyphar/filepath-securejoin and simplifies how libcontainer utilites are consumed.

This should unblock (or make redundant) the following PRs:

@elezar elezar force-pushed the use-os-root branch 2 times, most recently from 7754866 to 599ab62 Compare November 3, 2025 14:55
@elezar elezar added this to the next-minor milestone Nov 3, 2025
@elezar elezar modified the milestones: next-minor, v1.18.1 Nov 12, 2025
@elezar
Copy link
Member Author

elezar commented Nov 12, 2025

/cherry-pick release-1.18

@elezar elezar marked this pull request as ready for review November 12, 2025 10:25
ArangoGutierrez
ArangoGutierrez approved these changes Nov 12, 2025
View reviewed changes
Copy link
Collaborator

@ArangoGutierrez ArangoGutierrez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

os.Root is a new type that allows you to perform file operations, such as opening files, within a specific directory. This enhances security by restricting filesystem access to only that directory.

This was referenced Nov 12, 2025
Open
Open
Open
@elezar elezar force-pushed the use-os-root branch 2 times, most recently from b2574e3 to 3045bd7 Compare November 12, 2025 13:57
ArangoGutierrez
ArangoGutierrez approved these changes Nov 12, 2025
View reviewed changes
Copy link
Collaborator

@ArangoGutierrez ArangoGutierrez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Re-approve after new changes

@ArangoGutierrez ArangoGutierrez self-requested a review November 12, 2025 16:59
ArangoGutierrez
ArangoGutierrez approved these changes Nov 12, 2025
View reviewed changes
Copy link
Collaborator

@ArangoGutierrez ArangoGutierrez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Commit was updated

@elezar
Switch to go 1.25 os.Root
4a4e7f8 
Signed-off-by: Evan Lezar <elezar@nvidia.com>
@elezar elezar merged commit b28c301 into NVIDIA:main Nov 12, 2025
13 checks passed
@elezar elezar deleted the use-os-root branch November 12, 2025 21:50
@github-actions github-actions bot mentioned this pull request Nov 12, 2025
Open
@github-actions
Copy link

github-actions bot commented Nov 12, 2025

🤖 Backport PR created for release-1.18: #1450 ⚠️ (has conflicts)

@elezar elezar mentioned this pull request Nov 12, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ArangoGutierrez ArangoGutierrez ArangoGutierrez approved these changes

Assignees

No one assigned

Labels

cherry-pick/release-1.18

Projects

None yet

Milestone

v1.18.1

Development

Successfully merging this pull request may close these issues.

2 participants

@elezar @ArangoGutierrez